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Abstract. This paper gives a reduction-preserving translation from Co- 
quand's dependent pattern matching [4] into a traditional type theory [11] 
with universes, inductive types and relations and the axiom K [22]. 
This translation serves as a proof of termination for structurally recur- 
sive pattern matching programs, provides an implementable compilation 
technique in the style of functional programming languages, and demon- 
strates the equivalence with a more easily understood type theory. 

Dedicated to Professor Joseph Goguen on the occasion of his 65th birthday. 

1 Introduction 

Pattern matching is a long-established notation in functional programming [3, 
19], combining discrimination on constructors and selection of their arguments 
safely, compactly and efficiently. Extended to dependent types by Coquand [4], 
pattern matching becomes still more powerful, managing more complexity as we 
move from simple inductive datatypes, like Nat defined as follows, 

Nat : * = zero : Nat | sue (n: Nat) : Nat 

to work with inductive families of datatypes [6] like Fin, which is indexed over 
Nat (Fin n is an n element enumeration), or Fin's ordering relation, <, indexed 
over indexed data. 4 

Fin (n: Nat) : * = fz„ : Fin (sue n) 

| fs„(i : Fin n) : Fin (sue n) 

(i:Fin n) < n 0" : Fin n) : * = leqz n;j :fz„ <( suc „) 3 

I leqs„ ;l;:) (p:i <„ j) : fs„ i < (suc „) fs„ j 

Pattern matching can make programs and proofs defined over such structures 
just as simple as for their simply- typed analogues. For example, the proof of 
transitivity for < works just the same for Fin as for Nat: 

trans (p:i < j; q:j < k) : i < k 

trans leqz„ ;i q i-> leqz„. fc 

trans (leqsp') i— > leqs n; j' ; fc/ (trans p' q') (leqs q') i— > leqs (trans p' q') 



4 Here we write as subscripts arguments which are usually inferrable; informally, and 
in practice, we omit them entirely. 



There is no such luxury in a traditional type theory [14, 20] , where a datatype 
is equipped only with an elimination constant whose type expresses its induction 
principle and whose operational behaviour is primitive recursion. This paper 
provides a translation from dependent pattern matching in Coquand's sense to 
such a type theory — Luo's UTT [11], extended with the Altenkirch-Streicher K 
axiom 'uniqueness of identity proofs' [22]. Coquand observed that his rules admit 
K; Hofmann and Streicher have shown that K does not follow from the usual 
induction principle for the identity relation [9]. We show that (a variant of) K is 
sufficient to bridge the gap: it lets us encode the constructor-based unification 
which Coquand built directly into his rules. 

Our translation here deploys similar techniques to those in [18], but we now 
ensure both that the translated pattern matching equations hold as reductions 
in the target theory and that the equations can be given a conventional oper- 
ational semantics [1] directly, preserving termination and confluence. By doing 
so, we justify pattern matching as a language construct, in the style of ALF [13], 
without compromising the role of the elimination constant in characterising the 
meaning of data. 

An early approximant of our translation was added to the Lego system [12] 
and demonstrated at 'Types 1998'. To date, McBride's thesis [15] is the only 
account of it, but there the treatment of the empty program is unsatisfying, 
the computational behaviour is verified only up to conversion, and the issue of 
unmatched but trusted terms in pattern matching rules is barely considered. 

Our recent work describes the key equipment. The account of elimination 
in [16] uses a heterogeneous equality to express unification constraints over de- 
pendency typed data. Hence where Coquand's pattern matching invokes an 
external notion of unification and of structural recursion, we have built the tools 
we need within type theory [17]. Now, finally, we assemble these components to 
perform dependent pattern matching by elimination. 

Overview The rest of the paper is organised as follows. Section 2 ex- 
amines pattern matching with dependent types, and develops basic definitions, 
including that of specialisation in patterns, as well as the programs which will 
eventually be translatable to type theory. The key technical definition here is 
that of splitting tree; novel here is the recording of explicit evidence for impos- 
sible case branches. Section 3 describes the target type theory. This is extended 
by function symbols with defining equations which determine reduction rules, 
subject to certain conditions. The allowable such function definitions arise from 
the existence of valid splitting trees. Finally, Section 4 shows how such func- 
tion definitions may be eliminated in favour of closed terms in the type theory 
with the same reduction behaviour; the valid splitting trees precisely correspond 
to the terms built from constructor case analysis and structural recursion on 
inductive families, modulo the heterogeneous equality Eq. 



2 Dependent Pattern Matching 



Let us first take a look at what dependent pattern matching is, and why it is 
a more subtle notion than its simply typed counterpart. Inductive families gain 
their precision from the way their constructors have specialised return types. For 
example, the constructors of Fin can only make elements of sets whose 'size' is 
non-zero. Consider writing some function p (i : Nat; x : Fin i) : • • •. Trying to 
match on x without instantiating i is an error. Rather, one must take account 
of the fact that i is sure to be a sue, if p is to typecheck: 



1/ p i fz : Nat 
\f p i (fs y) : Nat 



P (sucj) fz 
P (sucj) (fs z/) 



Of course, there need not be any actual check at run time whether these (sue j) 
patterns match — the type system guarantees that they must if the patterns for 
x do. This is not merely a convenient optimisation, it is a new and necessary 
phenomenon to consider. For example, we may define the property of 'being in 
the image of f ' for some fixed f : S — > T, then equip f with an 'inverse': 

Imf (t:T) : *= imf (s:S) : Imf (f s) inv (t :T;p:lmf t) : S 

inv (f s) (imf s) h- ► s 

The typing rules force us to write (f s) for t, but there is no way in general that 
we can compute s from t by inverting f . Of course, we actually get s from the 
constructor pattern (imf s) for p, together with a guarantee that t is (f s). 

We have lost the ability to consider patterns for each argument independently 
Moreover, we have lost the distinction of patterns as the sub-language of terms 
consisting only of the linear constructor forms, and with this, the interpretation 
of defining equations as rewriting rules is insufficient. It is not enough just to 
assign dependent types to conventional programs: specialised patterns change 
what programs can be. 

Let us adapt to these new circumstances, and gain from specialisation, ex- 
ploiting the information it delivers 'for free'. For example, in a fully decorated 
version of the step case of the above definition of the trans function, 

tranS( sucn ) ; ( fen i);(fs n3 -);(ft B fc) (leqs Jl;l;J p') (leqs n;J;fc q') h-> 
leqs„. J;fc (trans n;i . 3 -. fe p' q') 

it is precisely specialisation that ensures the p 1 and q' are not arbitrary < proofs, 
but rather appropriate ones, which justify the recursive call to trans. Meanwhile, 
we need not analyse the case 

• • • 1/ trans 

(sue n); (fs n i) ; ?;fc (leqs n;i y p') leqz n;fc : fsz < (s 

because the two proof patterns demand incompatible specialisations of the mid- 
dle value upon which they must agree. In general, specialisation is given by the 
most general unifier for the type of the value being analysed and the type of the 
pattern used to match it. Later, we shall be precise about how this works, but 
let us first sketch how we address its consequences. 



2.1 Patterns with Inaccessible Terms 



The key to recovering an operational interpretation for these defining equations 
is to find the distinction between those parts which require constructor matching, 
and those which merely report specialisation. We shall show how to translate the 
terms on the left-hand sides of definitional equations written by the programmer 
into patterns which, following Brady [2], augment the usual linear constructor 
forms with a representation for the arbitrary terms reported by specialisation 
and presupposed to match. 

Definition 1 (Patterns) 

pat := x \x~\ =>■ x AV(x) =>■ {x} 

| c pat* |~cp]=> c \p\ Av(cp)=4> Av(p) 
j term [f| =*> t AV(£) =S> 0 

Ihs := f pat* \f p\ f \p\ Av(f p) =S> AV(p) 

We say the terms marked t are inaccessible to the matcher and may not bind 
variables. The partial map av(— ) computes the set of accessible variables, where 
Av(p) is the disjoint union, l+ljAVfjij), hence av(— ) is defined only for linear 
patterns. The map |~— ] takes patterns back to terms. 

We can now make sense of our inv function: its left-hand side becomes 

inv (f s) (im s) 

Matching for these patterns is quite normal, with inaccessible terms behaving like 
'don't care' patterns, although our typing rules will always ensure that there is 
actually no choice! We define MATCH to be a partial operation yielding a match- 
ing substitution, throwing a conflict exception 5 , or failing to make progress 
only in the case of non-canonical values in a nonempty context. 

Definition 2 (Matching) Matching is given as follows: 

MATCH(a;, t) [x i ► t] 

MATCH(chalk p, chalk t) MATCHES(p, i) 

MATCH(chalk p, cheese i) -ft- conflict 
match(u, t) e 

MATCHEs(e, e) e 

MATCHES(p; p, t\ t) =^> MATCH(p, t) ; MATCHES(p, t) 

So, although definitional equations are not admissible as rewriting rules just 
as they stand, we can still equip them with an operational model which relies 
only on constructor discrimination. This much, at least, remains as ever it was. 

Before we move on, let us establish a little equipment for working with pat- 
terns. In our discussion, we write p[x] to stand for p with an accessible x ab- 
stracted. We may thus form the instantiation p[p'] if p' is a pattern with variables 



We take chalk and cheese to stand for an arbitrary pair of distinct constructors. 



disjoint from those free in p[—], pasting p' for the accessible occurrence of x and 
\p'1 for the inaccessible copies. In particular, p[c y] is a pattern, given fresh y. 
Meanwhile, we shall need to apply specialising substitutions to patterns: 

Definition 3 (Pattern Specialisation) If o is a substitution from variables 
A to terms over A' with Av(p) = A tfcl A' (making o idempotentj, we define the 
specialisation op, lifting o to patterns recursively as follows: 

ox =>■ ox if x € A cr(c p) =>- c op ot =>• ot 

ox =>• x if x € A' 

Observe that Av(op) = A' . 

Specialisations, being computed by unification, naturally turn out to be idem- 
potent. Their effect on a pattern variable is thus either to retain its accessibility 
or to eliminate it entirely, replacing it with an inaccessible term. Crucially, spe- 
cialisation preserves the availability of a matching semantics despite apparently 
introducing nonlinearity and non-constructor forms. 



2.2 Program Recognition 

The problem we address in this paper is to recognize programs as total functions 
in UTT+K. Naturally, we cannot hope to decide whether it is possible to con- 
struct a functional value exhaustively specified by a set of arbitrary equations. 
What we can do is fix a recognizable and total fragment of those programs whose 
case analysis can be expressed as a splitting tree of constructor discriminations 
and whose recursive calls are on structurally decreasing arguments. 

The idea is to start with a candidate left-hand side whose patterns are just 
variables and to grow a partition by analysing a succession of pattern variables 
into constructor cases. This not only gives us an efficient compilation in the style 
of Augustsson [1], it will also structure our translation, with each node mapping 
to the invocation of an eliminator. Informally, for trans, we build the tree 

trans p q 

trans leqz q i— > leqz 
trans (leqs p') q 

. . , f trans ( l eqs t/) leqz 

CI ' TS 1 \ n s 

~~ [trans (leqs?/) (leqs q') i— > leqs (trans p' q') 

The program just gives the leaves of this tree: finding the whole tree guaran- 
tees that it partitions the possible input. The recursion reduces the size of one 
argument (both, in fact, but one is enough), so the function is total. 

However, if we take a 'program' just to be a set of definitional equations, 
even this recognition problem is well known to be undecidable [4,15,21]. The 
difficulty for the recognizer is the advantage for the programmer: specialisation 
can prune the tree! Above, we can see that q must be split to account for (leqsg'), 



p : i < j 



and having split q, we can confirm that no leqz case is possible. But consider the 
signature empty (i: Fin zero) : X. We have the splitting tree: 



empty i 

( empty fz 



i 



Fin zero 



[ empty (fs i') 



If we record only the leaves of the tree for which we return values, we shall 
not give the recognizer much to work from! More generally, it is possible to 
have arbitrarily large splitting trees with no surviving leaves — it is the need to 
recover these trees from thin air that makes the recognition of equation sets 
undecidable. Equations are insufficient to define dependently typed functions, 
so we had better allow our programs to consist of something more. We extend 
the usual notion of program to allow clauses f t rh x which refute a pattern 
variable, requiring that splitting it leaves no children. For example, we write 

empty [i : Fin zero) 
empty i rh i 

We now give the syntax for programs and splitting trees. 
Definition 4 (Program, Splitting Tree) 

program :— f (context) : term splitting :— compRule 

clause + | [context] Ihs 

clause :— f term* rhs x {splitting + 

rhs :— i ► term compRule := [context] Ihs rhs 

| rh x 

We say that a splitting tree solves the programming problem [A] f p, if these are 
the context and left-hand side at its root node. Every such programming problem 
must satisfy AV(p) = A, ensuring that every variable is accessible. 

To recognize a program with clauses {f tj r t \ 0 < i < n} is to find a 
valid splitting tree with computation rules {[Ai] f pi fj | 0 < i < n} such that 
|f pi] = f U and to check the guardedness of the recursion. We defer the precise 
notion of 'valid' until we have introduced the type system formally, but it will 
certainly be the case that if an internal node has left-hand side f p[x], then 
its children (numbering at least one) have left-hand sides f ap[c y] where c is 
a constructor and a is the specialising substitution which unifies the datatype 
indices of x and c y. 

We fix unification to be first-order with datatype constructors as the rigid 
symbols [10] — we have systematically shown constructors to be injective and 
disjoint, and that inductive families do not admit cyclic terms [17]. Accordingly, 
we have a terminating unification procedure for two vectors of terms which will 
either succeed positively (yielding a specialising substitution), succeed negatively 
(establishing a constructor conflict or cyclic equation) , or fail because the prob- 
lem is too hard. Success is guaranteed if the indices are in constructor form. 



We can thus determine if a given left-hand side may be split at a given 
pattern variable — we require all the index unifications to succeed — and generate 
specialised children for those which succeed positively. We now have: 

Lemma 5 (Decidable Coverage) Given f (x : S) : T; {f tj r, | Q < i < n}, 

it is decidable whether there exists a splitting tree, with root [x : S] f x : T and 
computation rules {[Ai] f pi n | 0 < i < n} such that [f pi \ = f fj. 

Proof The total number of constructor symbols in the subproblems of a split- 
ting node strictly exceeds those in the node's problem. We may thus generate all 
candidate splitting trees whose leaves bear at most the number of constructors 
in the program clauses and test if any yield the program. □ 

Coquand's specification of a covering set of patterns requires the construction 
of a splitting tree: if we can find a covering for a given set of equations, we may 
read off one of our programs by turning the childless nodes into refutations. 
As far as recursion checking is concerned, we may give a criterion a little more 
generous than Coquand's original [4]. 

Definition 6 (Guardedness, Structural Recursion) We define the binary 
relation -<, 'is guarded by', inductively on the syntax of terms: 



ti -< c t\ . . . t„ ~~ ~~ / s -<t r -< t 

We say that a program f(x:S) : T; {tUri | 0 < i < n} is structurally recursive 
if, for some argument position j, we have that every recursive call f s which is a 
subterm of some fj satisfies Sj -< ty. 

It is clearly decidable whether a program is structurally recursive in this 
sense. Unlike Coquand, we do permit one recursive call within the argument of 
another, although this distinction is merely one of convenience. We could readily 
extend this criterion to cover lexicographic descent on a number of arguments, 
but this too is cosmetic. Working in a higher-order setting, we can express the 
likes of Ackermann's function, which stand beyond first-order primitive recur- 
sion. Of course, the interpreter for our own language is beyond it. 



3 Type Theory and Pattern Matching 

We start from a predicative subsystem of Luo's UTT [11], with rules of inference 
given in Figure 1. UTT's dependent types and inductive types and families are 
the foundation for dependent pattern matching. Programs with pattern match- 
ing are written over types in the base type universe *o> which we call small 
types. Eliminations over types to solve unification are written in *i, and the 
Logical- Framework-level universe □ is used to define a convenient presentation 
of equality from the traditional I, J and K. Our construction readily extends to 



validity 
typing 



context h valid 



r h S : a 

£ h valid r;x : S F valid 



a G {*o,*i, Q } 



context h term : term 
T h valid 



x : S E r 



r h valid 



r h valid 



r h i : S rh*o:*i f h *i : D 

f h g : a r ; z : g h T : a 



T I- Tlx:S.T : a 



a e {*o,*i, □} 



r-x : S h t : T 



r h f : Ux:S.T r h s : £ 
T h Ax:SU : Fix : S. T r \- f s : [x s]T 

r h t : S S^T r \- T : a 



r h t : T 



reduction 



term ~> term 



conversion 



term = term 



(As : S. t) s ~> [x i— > s]£ 
equivalence closure of 



plus contextual closure 



cumulativity 



term ^ term 



S = T R^S S±T 



Fig. 1. Luo's UTT (functional core) 



the additional hierarchy of universes of full UTT. The impredicative universe of 
propositions in UTT is not relevant to explaining pattern matching through the 
primitive constructs of type theory, and so we omit it. 

We identify terms that are equivalent up to the renaming of bound variables, 
and we write [x 1— > s]t for the usual capture-free substitution of s for the free 
variable x in t. 

UTT is presented through the Logical Framework, a meta-language with 
typed arities for introducing the constants and equalities that define a type the- 
ory. While the Logical Framework is essential to the foundational understanding 
of UTT, it is notationally cumbersome, and we shall hide it as much as possible. 
We shall not distinguish notationally between framework T7 kinds and object- 
level 17 types, nor between the framework and object representations of types. 
We justify this by observing that □ represents the types in the underlying frame- 
work, and that *o and *i are universes with names of specific types within □. 
However, informality with respect to universes may lead to size issues if we are 
not careful, and we shall explicitly mention the cases where it is important to 
distinguish between the framework and object levels. 

There is no proof of the standard metatheoretic properties for the theory 
UTT plus K that we take as our target language. Goguen's thesis [8] establishes 
the metatheory for a sub-calculus of UTT with the Logical Framework, a single 



universe and higher-order inductive types but not inductive families or the K 
combinator. Walukiewicz-Chrzaszcz [23] shows that certain higher-order rewrite 
rules are terminating in the Calculus of Constructions, including inductive fam- 
ilies and the K combinator, but the rewrite rules do not include higher-order 
inductive types, and the language is not formulated in the Logical Framework. 

However, our primary interest is in justifying dependent pattern matching by 
translation to a traditional presentation of type theory, and UTT plus K serves 
this role very well. Furthermore, the extensions of additional universes, inductive 
relations and the K combinator to the language used in Goguen's thesis would 
complicate the structure of the existing proof of strong normalization but do not 
seem to represent a likely source of non-termination. 



3.1 Telescope Notation 

We shall be describing general constructions over dependent datatypes, so we 
need some notational conveniences. We make considerable use of de Bruijn's 
telescopes [5] — dependent sequences of types — sharing the syntax of contexts. 
We also use Greek capitals to stand for them. We may check telescopes (and 
constrain the universe level a of the types they contain) with the following 
judgment: 

r h valid rh S : a r-,x:S \- A tclc(a) 
fh£ tde(a) P h x : S; A tele(a) 

We use vector notation t to stand for sequences of terms, ti\...;t n . We identify 
the application / t±; . . . ;t n with f t\ ... t n . Simultaneous substitutions from a 
telescope to a sequence are written [0 h-> tj, or [i] if the domain is clear. Substi- 
tuting through a telescope textually yields a sequence of typings t\ : Ti ; . . . ; t n : T n 
which we may check by iterating the typing judgment. We write t : 0 for the 
sequence of typings [ij<9, asserting that the t's may instantiate 0. We also let 
r h a A assert that a is a type-correct substitution from A to -T-terms. 

We write TTA T to iterate the TT-type over a sequence of arguments, or 
A^T if T does not depend on A. The corresponding abstraction is A A t. We 
also let telescopes stand as the sequence of their variables, so if / : TTA T, then 
A h / A : T. The empty telescope is £, the empty sequence, e. 



3.2 Global Declarations and Definitions 

A development in our type theory consists of a global context r containing dec- 
larations of datatype families and their constructors, and definitions of function 
symbols. To ease our translation, we declare global identifiers g with a tele- 
scope of arguments and we demand that they are applied to a suitable sequence 
wherever they are used. Each function f(A) : T has a nonempty set of com- 
putation rules. We extend the typing and reduction rules (now contextualised) 
accordingly: 

g{0):Ter r;Aht:0 r _ r 

F; A H 9 * : W T MATCHES (p, t) 9 



We take the following at least to be basic requirements for defined functions. 

Definition 7 (Function Criteria) To extend T with f(A) : T with computa- 
tion rules {[Ai] f pi r\ | 0 < i < n}, we require that: 

— T; A\- T : U ; 

— the computation rules arise as the leaves of a splitting tree solving [A] f A, 

— the corresponding program is structurally recursive, 

— if ri is i ► ei, then F; Ai H ej : P,;. 

We shall check basic properties of pattern matching computation shortly, but 
we first give our notion of data (and hence splitting) a firm basis. 

Definition 8 (Inductive Families) Inductive families with n > 1 construc- 
tors are checked for strict positivity and introduced globally as shown in figure 2. 
We write D for the telescope E; z : D E. 



r h S tele(* 0 ) {r\D(2):-k 0 h Aj con(gQ | i < n}; 

r; D(g):* 0 ; {*(A7)ib Ui\i< n}; 

^{{Mi-.WAi. HYPS(Z\i, big) — >*i | i < n};D):*i 

{[M; Ai] Ed -Mi (a Ai) h-> Mi Ai recs(A, E D M) \ i < n}; 

e D (P:D-»*i;{m i :nz\ l . HYPS(Z\i,LlTTLE(P))^P«i (c Ai) \ i < n};D):PD 

{[P; m; Ai] e D P M Ui (q Ai) h-> rm Ai recs(A, e D P rh) \ i < n} 

h valid 



where big(_, _) => *i little(P)(?7, a;) => PiTa; 

r-0\-u : E r;O\-A:* 0 P|D(g) :* 0 ; 6>; o : A h A con(u) 

r\D(E):*o;& I" e con(u) P|D(S) :* 0 ; © I" a : A; A con(tt) 

HYPS(e, H) £ HYPS(a : A; A, h) ==> HYPS(A H) 

RECS(e, /) £ RECS(a : A; A, f) => RECS(/i, /) 

r-,e\-<P tele(* 0 ) r;0;<P\-v : g P|D( :* 0 ; 6> h con(w) 
P|D(g) :*o; 0 I- r : TT<£. D A con(u) 
HYPS(r : TT$. D v; A, h) r' : T7<P. n(v, r <P); hyps(Z\, h) 
recs(V : D v; A, f ) (\$. f v (r <£)); recs(zA, /) 

Fig. 2. Declaring inductive types with constructors 



In Luo's presentation [11], each inductive datatype is an inhabitant of □; it is 
then given a name in the universe *o- There is a single framework- level eliminator 
whose kind is much too large for a UTT type. Our presentation is implemented 
on top: D really computes Luo's name for the type; our UTT eliminators are 



readily simulated by the framework- level eliminator. This definition behaves as 
usual: for Nat, we obtain 

Nat : * 0 ; zero : Nat; suc(n : Nat) : Nat; 
ENat(Z S : Nat — * *i — * *i; n: Nat) :*i; 

[Z; S] E Nat Z S zero ^ Z 
[Z; S; n) E^ at Z S (sue n) i— > S n (E|\| at Z S n) 

e Nst{P '■ Nat — > -k\\ z : P zero; s:Wn : Nat. P n — > P (sue n); n : Nat) : P n; 

[P; z; s] eN a t P z s zero i— » z 
[P; z; s; n] e^ at P z s (sue n) i— » s n (ei\| at P z s n) 

Given this, the Fin declaration yields the following (we suppress Epi n ): 

Fin(n : Nat) :*o; fz(n:Nat) : Fin (sue n); fs(n:Nat; i : Fin n) : Fin (sue n); 
EFin ■ ■ ■ ; 

ef ln (P : TTn:Nat. Fin n — > *i; 

z : TTn:Nat. P (suc n) (fz„); s : TTn:Nat; z : Fin n. P„ i -> P (sLlc n) (fs„ i); 

n : Nat; i : Fin n) : P„ i 
[P; z; s; n] epi n P z s (sue n) (fz„) i— > z n 
[P; z; s; n; i] epj n P z s (sue n) (fs„ i) h s n i (eFin P z s n i) 

All of our eliminators will satisfy the function criteria: each has just one split, 
resulting in specialised, inaccessible patterns for the indices. As the indices may 
be arbitrary terms, this is not merely convenient but essential. Rewriting with the 
standard equational laws which accompany the eliminators of inductive families 
is necessarily confluent. 

Meanwhile, empty families have eliminators which refute their input. 

P h S tclc(* n ) 

P; D(H):* 0 ; E D (D):*i; _ _ [S; x] E D S x rtl x; 

e D (P : D->*x;D):P D; [P; 5; x] e D P 3 x rtl x 

h valid 



We have constructed families over elements of sets, but this does not yield 
'polymorphic' datatypes, parametric in sets themselves. As Luo does, so we 
may also parametrise a type constructor, its data constructors and eliminators 
uniformly over a fixed initial telescope of UTT types, including *q . 

3.3 Valid Splitting Trees and their Properties 

In this section, we deliver the promised notion of 'valid splitting tree' and show 
it fit for purpose. This definition is very close to Coquand's original construction 
of 'coverings' from 'elementary coverings' [4]. Our contribution is to separate the 
empty splits (with explicit refutations) from the nonempty splits (with nonempty 
subtrees), and to maintain our explicit construction of patterns in linear con- 
structor form with inaccessible terms resulting from specialisation. 



Definition 9 (Valid Splitting Tree) A valid splitting tree for f (A) : T has 

root problem [A] f A. At each node, 

— either we have 4'he: []~pl]T and computation rule 

[A']fp^> e 

— or we have problem [A x ; x : Dv; x A]tp[x] and for each constructor c(A c ) : Du, 
unification succeeds for u and v, in which case 

• either all succeed negatively, and the node is the computation rule 

[A x ;x:Dv; x A] 1 0[x] rtl x 

• or at least one succeeds positively, and the node is a split of form 

[A x ;x:Dv; x A] f p[x] 
x{S 

Each positive success yields a pair (A', a) where a is a most general 
idempotent unifier for u and v satisfying A' h aA c ; oA x and dom(ct) l+J 
A' = A c 1+1 A x , and contributes a subtree to S with root 

[A';a[x^cA c ] x A)fap[c A c ] 

We shall certainly need to rely on the fact that matching well typed terms 
yields type-correct substitutions. We must also keep our promise to use inacces- 
sible terms in patterns only where there is no choice. 

Definition 10 (Respectful Patterns) For a function f (A) : T , we say that 
a programming problem [A'\ f p has respectful patterns provided 

- A' h [pi : A 

- if 0\- a : A and matches (p, a) => 9, then 0 h 9 A' and 9\p\ = a. 

Let us check that valid splitting trees maintain the invariant. 

Lemma 11 (Functions have respectful patterns) Iff(A) : T with compu- 
tation rules {[Ai] f pi | 0 < i < n} satisfies the function criteria, then [Aj] f p t 
has respectful patterns. 

Proof The root problem [A] f A : T readily satisfies these properties. We 
must show that splitting preserves them. Given a typical split as above, taking 
[A x ; x : Dv; x A]fp[x] to some [A'; x A]f ap[cA c ]. Let us show the latter is respectful. 

We have A x ; x : D v; X A h \p[x\] : A, hence idempotence of a yields A'; x : 
D av; <J X A h \o-p\x\~\ : A. But c aA c : D au = D av, hence A 1 ; X A h \ap[c Z\ c ]] : A. 

Now suppose MATCHES(erp[c A c ],a) =^ 4> for <P h a : A. For some b : A c , 
we must have matches (p[x], a) =>• 9; [x i— > c b). By assumption, the p[x] are 
respectful, so <P h (9; [ihc b))(A x ;x : D v; X A), hence c b : D 9v = D [A c i-> b]u, 
and 6; [x i— > c 6] = a. Rearranging, we get 9; [A c i— > 6j [p[c A c ] = a]. 



But 9; [A c I— > b]y unifies u and v and thus factors as 9' ■ a as a is the most 
general unifier. By idempotence of a, 9' and 0; [A c i— ► fejy coincide on A'. But 
<^ coincides with 9; [A c i— > 6] on zi' because they match the same subterms of 
the a, so 9; [A c t—>b\ = <f> ■ a, hence cf>\ap[c A c ]~\ = a. Moreover, we now have 
<P h ((f) ■ a)A c and <P h (<j> ■ <j)(A x ; x : D v; X A), but idempotence makes A' a 
subcontext of cr(Z\ c ; /I 1 ), so h (f>(A'; a x A) as required. □ 

Lemma 12 (Matching Reduction Preserves Type) If & \- f a : A and 

f (Z\) : T has a computation rule [A'] f p i— > e /or w/iic/i matches (p, a) =>■ 6*, 
tten G\-6e: A. 

Proof By inversion of the typing rules, we must have [a]T d A. By respect- 
fulness, we have 0 h 6*Z\' and a = By construction, Z\' h e : [[p]]T, hence 
0\- 9e : [9\p\]T = [a]T r< A. ~ □ 

Lemma 13 (Coverage) If a function f (A) : T is given by computation rules 
{[Ai] f pi n : Pi | 0 < i < n}, then for any 0 \- t : A, it is not the case that for 
each i, matches^, i) -ft- conflict. 

Proof An induction on splitting trees shows that if we have root problem f p 
and matches (p, t) ==> 9 for well typed arguments t, matching cannot yield 
conflict at all the leaf patterns. Either the root is the leaf and the result is 
trivial, or the root has a split at some x : Dv. In the latter case, we cither have 9x 
not in constructor form and matching gets stuck, or 9x = c b where c(A c ) : D v, 
hence unifying u and v must have succeeded positively yielding some a for which 
we have a subtree whose root patterns, <rp[c A c ] also match t. Inductively, not 
all of this subtree's leaf patterns yield conflict. □ 

It may seem a little odd to present coverage as 'not conflict in all cases', 
rather than guaranteed progress for closed terms. But our result also treats 
the case of open terms, guaranteeing that progress can only be blocked by the 
presence of non-constructor forms. 

Lemma 14 (Canonicity) For global context r, if T h t : Dv, with t in normal 
form, then t is cb for some b. 

Proof Select a minimal counterexample. This is necessarily a 'stuck function', 
f a. By the above reasoning, we must have some internal node in f 's splitting 
tree [A x ; x : D v; X A] f p[x] with flfpja;]] = a but r h 9x : D 9v a non-constructor 
form. But 9x is a proper subterm of f a, hence a smaller counterexample. □ 

Lemma 15 (Confluence) If every function defined in r satisfies the function 
criteria, then is confluent. 

Proof Function symbols and constructor symbols are disjoint. By construc- 
tion, splitting trees yield left-hand sides which match disjoint sets of terms. 
Hence there are no critical pairs. □ 



4 Translating Pattern Matching 



In this section, we shall give a complete translation from functions satisfying the 
function criteria and inhabiting small types to terms in a suitable extension of 
UTT, via the primitive elimination operators for inductive datatypes. We do this 
by showing how to construct terms corresponding to the splitting trees which 
give rise to the functions: we show how to represent programming problems as 
types for which splitting trees deliver inhabitants, and we explain how each step 
of problem reduction may be realised by a term. 

4.1 Heterogeneous equality 

We must first collect the necessary equipment. The unification which we take 
for granted in splitting trees becomes explicit equational reasoning, step by step. 
We represent problems using McBride's heterogeneous equality [16]: 

Eq(s,T:* 0 ; s : S; t : T) :*i; refl(fl : * 0 ; r : R) : Eq^ r r; 
subst(fi:* 0 ;s,t:R; q:Eq RR s t; P:R—**i;p:P s):P t; 
[R; r; P;p) subst# ;r;r (ref\ R r) P p i— ► p 

Eq is not a standard inductive definition: it permits the expression of hetero- 
geneous equations, but its eliminator subst gives the Leibniz property only for 
homogeneous equations. This is just a convenient repackaging of the traditional 
homogeneous identity type family I. The full construction can be found in [15]. 

It is to enable this construction that we keep equations in *i. We shall be 
careful to form equations over data sets, but not equality sets. We are unsure 
whether it is safe to allow equality sets in *o, even though this would not yield 
an independent copy of *o in *o- At any rate, it is sufficient that we can form 
equations over data and eliminate data over equations. 

We shall write s ~ t for Eqsr s t when the types S, T are clear. Furthermore 
Eq precisely allows us to express equations between sequences of data in the same 
telescope: the constraints which require the specialisation of datatype indices 
take exactly this form. Note we always have D tele (*n), hence if s, t : D, we may 
form the telescope of equations ?i:si~ti; ... ;q n :s n ~t n tele (*i ) which 
we naturally abbreviate as s ~ t. Correspondingly, we write refl t : t ~ t. 

4.2 Standard Equipment for Inductive Datatypes 

In [17], we show how to equip every datatype with some useful tools, derived from 
its eliminator, which we shall need in the constructions to come. To summarise, 

caseo is just ep weakened by dropping the inductive hypotheses. 

BelowD(f : D — ► *i; D) : *i is the 'course of values', defined inductively by 
Gimenez [7]; simulated via Ed, Belowo P 3 z computes an iterated tuple 
type asserting P for every value structurally smaller than z. For Nat we get 

BelowN a t P zero i— ► 1 

BelowN at P (sue n) i— ► BelowN at P n x P n 



below D (P:D ->■ *i; p:TTD. Below D P D — > P D; D):Below D P D constructs 
the tuple, given a 'step' function, and is simulated via ep: 

belowi\| at P p zero i— > () 

belowN a t P p (sue n) i— > (Ab : Below^t P n. (b, p n b)) (belowNat P p n) 

rec D (P : D — > *i; p : TTD. Below D P D -> P D; D) : P D is the structural 
recursion operator for D, given by recp P p D i— ► p D (belowo P p D) 

We use casep for splitting and recp for recursion. For unification, we need: 

noConfusioriD is the proof that D's constructors are injective and disjoint — 
also a two- level construction, again by example: 

NoConfusiori|\| at (P : *i; x, y : Nat) :*i 
NoConfusionNat P zero zero i— » P — > P 
NoConfusionNat P zero (sue y) >—> P 
NoConfusionNat P (sue x) zero >^ P 
NoConfusioriNat P (sue a;) (sue y) i— > (a; ~ > P) — » P 

noConfusionNat(P : *i; x, j/ : Nat; q:x ~ y) : NoConfusioriNat P x y 
noConfusionNat -P zero zero (refl zero) i— >Ap:P.p 
noConfusionNat P (sue x) (sue x) (refl (sue n)) i— » Ap : x ~ x — > P. p (refl x) 

NoConfusiono is simulated by two appeals to Ed; noConfusiono uses 
subst once, then casep to work down the 'diagonal'. 
noCycleo disproves any cyclic equation in D — details may be found in [17]. 

Lemma 16 (Unification Transitions) The following (and their symmetric 
images) are derivable: 



deletion 



m:TTA P 



h AZ\; q. m A 

: TTA t~t^>P 



solution 



m : UA°. [x i-> tlTTZi 1 . P 



h A A; g. subst Ttx q (Ax. TTA; A. P) m A 0 A 
: TTA t~x^P 



i± A~ A°;x:T; A and A h f : T 



injectivity 



m : TTA s~t^P 



h A A g. noConfusion P (c s) (c t) g (m Zi) 
: TTA c s ~ c f-> P 



conflict 



h AZ\; g. noConfusion P (chalk s) (cheese t) g 
: TTA chalk s ~ cheese i — > P 



cycle 



h AZ\; g. noCycle P ... g . . . 

: TTA x ~ c [p[x]] ->■ P 



Proof By construction. 



□ 



4.3 Elimination with Unification 



In [16], McBride gives a general technique for deploying operators whose types 
resemble elimination rules. We shall use this technique repeatedly in our con- 
structions, hence we recapitulate the basic idea here. Extending the previous 
account, we shall be careful to ensure that the terms we construct not only have 
the types we expect but also deliver the computational behaviour required to 
simulate the pattern matching semantics. 

Definition 17 (Elimination operator) For any telescope r h S tcle (*o), we 
define a S -elimination operator to be any 

e : WP:WS.-k x . (WA t . P s{) -> > (UA n , P s n ) -> US. PS 

Note that eo is a D-elimination operator; casep and recp are also. We refer 
to the S as the targets of the operator as they indicate what is to be eliminated; 
we say P is the motive as it indicates why; the remaining arguments we call 
methods as they explain how to proceed in each case which may arise. Now let 
us show how to adapt such an operator to any specific sequence of targets. 

Definition 18 (Basic analysis) If e is a S-elimination operator (as above), 
A telc (*n) and A\- T : *i, then for any A h t : S , the basic e-analysis of WA. T 
at t is the ( clearly derivable ) judgment 

mi : TiAi, AS~f->T;...; m n :UA n ; A. S ~ f-> T 
h XA. e (AS. WA. S ~ F-> T) m x ■■■ m n t A (refl i) : WA. T 

Notice that when e is casep and the targets are some v; x where x : Dv € A, 
then for each constructor c (Z\ c ) : D u, we get a method 

m c : WA C ; A. u ~ v -> c A c ~ a; -> T 

Observe that the equations on the indices are exactly those we must unify to 
allow the instantiation of x with c A c . Moreover, if we have such an instance 
for x, i.e. if 9 unifies u and v, and takes x i— >• c 0Z\ C , then the analysis actually 
reduces to the relevant method: 

case D (AD. WA. ~ ~ T) m 6v (c 6>Z\ C ) 6 A (refl 6»w) (refl (c 0A C )) 
~> m c 6»Z\ C 6>Z\ (refl (9w) (refl (c 6»Z\ C )) 

We may now simplify the equations in the method types. 

Definition 19 (Specialisation by Unification) Given any type of the form 
WA. u ~ v — * T : we may seefc to construct an inhabitant — a specialiser — by 
exhaustively iterating the unification transitions from lemma 16 as applicable. 
This terminates by the usual argument [10], with three possible outcomes: 

negative success a specialiser is found, either by conflict or cycle; 



positive success a specialiser is found, given some m : WA' . aT for a a most 

general idempotent unifer of u and v, or 
failure at some stage, an equation is reached for which no transition applies. 

Lemma 20 (Specialiser Reduction) If specialisation by unification delivers 

m : WA'. aT\- s : WA. u ~ v -> T 

then for any O h OA unifying u and v we have s 9 A (refl 6u) ^* m OA' . 

Proof By induction on the transition sequence. The deletion, solution and 
injectivity steps each preserve this property by construction. □ 

We can now give a construction which captures our notion of splitting. 

Lemma 21 (Splitting Construction) Suppose A h T : *i, with A tele (*o), 
A x ) x\Dv; x Atele(-ko) and A x ; x : Dv; X A h \p[x]~] : A. Suppose further that for each 
c (A c ) : D u, unifying u with v succeeds. Then we may construct an inhabitant 
f : TTZ^; x :D v; X A. |"p[a;]]]T over a context comprising, for each c with positive 
success, 

m c : WA'; a[x ^ c A C ] X A. §ap[c A C ]]]T 
for some most general idempotent unifier A' h o-(A c ; A x ). In each such case, 

f oA x (c aA c ) x A -x** m c A' X A 

Proof The construction is by basic caseo-analysis of WA X ;x:Dv; X A. |"p[a;]]]T 
at v; x, then specialisation by unification for each method. The required reduction 
behaviour follows from lemma 20. □ 

4.4 Translating Structural Recursion 

We are very nearly ready to translate whole functions. For the sake of clarity, 
we introduce one last piece of equipment: 

Definition 22 (Computation Types) When implementing a function f (A) : 
T, we introduce the family of f -computation types as follows: 

Comp-f(Z\):* 0 ; return-f (A; t : T) : Comp-f A 

call-f(Comp-f):T 

call-f A (return-f A t) ^ t 

where call-f is clearly definable from ec om p-f • 

Comp-f book-keeps the connection between f's high-level program and the 
low-level term which delivers its semantics. We translate each f-application to the 
corresponding call-f of an f-computation; the latter will compute to a return-f 
value exactly in correspondence with the pattern matching reduction. The trans- 
lation takes the following form: 



Definition 23 (Application Translation) Ifi(A) : T is globally defined, but 
A\- f : Comp-f A for some f not containing f , the translation {—}( takes 

{ft}/ => call-f {t}{([W t ]f) 

and proceeds structurally otherwise. Recalling that we require global functions to 
be applied with at least their declared arity, this translation removes f entirely. 

Theorem 24 // f (A) : T has a small type and computation rules [Ai] f pi Ti 
satisfying the function criteria, then there exists an f such that 

A h / : Comp-f A and s "-»r,-f t implies {s}£ ~^>~^ 

Proof It suffices to ensure that the pattern matching reduction schemes are 
faithfully translated. For each i such that returns a value i — s- , we shall have 

{f \M f f = call-f \pi\ m]f call-f \pi\ (return-f \p{\ fetf) {ej£ 

Without loss of generality, let f be structurally recursive on some x : D v, jth in 
A. The basic recp-analysis of TTZ\. Comp-f Z\ at tf; x requires a term of type 

TTD. Below D P D ^ TTA D ~ v; x -> Comp-f zi 

where P = AD. T7A D ~ tf; a; — ► Comp-f A Specialisation substitutes v; x for D, 
yielding a specialiser [m]s of the required type, with 

m : T\A. Belowp Pwn Comp-f A; Ah recp P [m]s v x A (refl v; x) 

~>J, m Z\ (belowQ P [rajs u x) : Comp-f Z\ 

by definition of reco and specialisation reduction. We shall take the latter to be 
our /, once we have suitably instantiated m. To do so, we follow f's splitting 
tree: lemma 21 justifies the splitting construction at each internal node and at 
each fh y leaf. Each programming problem [A'] f p in the tree corresponds to the 
task of instantiating some w! : T\A' . Belowo P x)) — > Comp-f \p\ where, 

again by lemma 21, m \p\ ~^* r m' A' . 

The splitting finished, it remains to instantiate the corresponding to each 
[Ai\ f Pi i— > ej. Now, [A i — ► takes a; : D t; to some \pif\ : D 5, so we may take 

mi f — * AA; P : Belowp P u [p^] . return-f \pi] e\ 

where e\ is constructed by replacing each call f r in a by an appropriate appeal 
to P. As f is well typed and structurally recursive, so [A <— > r\ maps x : D v to 
Tj : Dw where rj -< [ftj]. By construction, Below q Pu [Pij] reduces to a tuple of 
the computations for subobjects of \pif\- Hence we have a projection g such that 
g H : II A. w; rj ~ v; x — ► Comp-f Z\ and hence we take call-f r(g H r (refl u;; rj)) 
to replace f r, where by construction of below q, 

call-f r(g (belowp P [ra]s u \pij\) r (refl w; rj)) 
~^* r call-f f ([m]s w rj r (refl w; rj)) 

call-f f(m r (belowo P [m]s w rj)) 
= {fr}{ 



So, finally, we arrive 



at 



{f \m{ = call-f 



\Pi] (m \pi] (below D P [m]s u \p lj 1 \)) 
{mi Ai (below D P [m]s u {pij])) 
\pi] (return-f \pi] [H h-> below D P [m]s u [pyl]et) 
\Pi] (return-f \pi] {ejjf ) 



■^* r call-f 
~** r call-f 
call-f 




as required. 



□ 



5 Conclusions 

We have shown that dependent pattern matching can be translated into a power- 
ful though notationally minimal target language. This constitutes the first proof 
that dependent pattern matching is equivalent to type theory with inductive 
types extended with the K axiom, at the same time reducing the problem of the 
termination of pattern matching as a first-class syntax for structurally recursive 
programs and proofs to the problem of termination of UTT plus K. 

Two of the authors have extended the raw notion of pattern matching that 
we study here with additional language constructs for more concise, expressive 
programming with dependent types [18]. One of the insights from that work is 
that the technology for explaining pattern matching and other programming lan- 
guage constructs is as important as the language constructs themselves, since the 
technology can be used to motivate and explain increasingly powerful language 
constructs. 
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